More chart fixups

AGENT_VERSION

@@ -1 +1 @@
-v0.6.22
+v0.6.24

assets/src/generated/graphql.ts

@@ -11715,6 +11715,8 @@ export type SentinelCheckIntegrationTestConfiguration = {
   __typename?: 'SentinelCheckIntegrationTestConfiguration';
   /** a list of custom test cases to run for this check */
   cases?: Maybe<Array<Maybe<SentinelCheckIntegrationTestCaseConfiguration>>>;
+  /** default configuration for integration test runs: default test cases and global behavior (e.g. namespace labels and annotations for created resources) */
+  default?: Maybe<SentinelCheckIntegrationTestDefaultConfiguration>;
   /** the distro to run the check on */
   distro?: Maybe<ClusterDistro>;
   /** the format of the job */
@@ -11734,6 +11736,8 @@ export type SentinelCheckIntegrationTestConfiguration = {
 export type SentinelCheckIntegrationTestConfigurationAttributes = {
   /** a list of custom test cases to run for this check */
   cases?: InputMaybe<Array<InputMaybe<SentinelCheckIntegrationTestCaseAttributes>>>;
+  /** default configuration for integration test runs: default test cases and global behavior (e.g. namespace labels and annotations for created resources) */
+  default?: InputMaybe<SentinelCheckIntegrationTestDefaultAttributes>;
   /** the distro to run the check on */
   distro?: InputMaybe<ClusterDistro>;
   /** the format of the job output */
@@ -11750,6 +11754,37 @@ export type SentinelCheckIntegrationTestConfigurationAttributes = {
   tags?: InputMaybe<Scalars['Json']['input']>;
 };
 
+export type SentinelCheckIntegrationTestDefaultAttributes = {
+  /** whether to ignore disable the default built-in test cases, in case you'd prefer to just use custom cases. */
+  ignore?: InputMaybe<Scalars['Boolean']['input']>;
+  /** annotations to apply to created namespaces, temporary namespaces are used for all test cases */
+  namespaceAnnotations?: InputMaybe<Scalars['Json']['input']>;
+  /** labels to apply to created namespaces, temporary namespaces are used for all test cases */
+  namespaceLabels?: InputMaybe<Scalars['Json']['input']>;
+  /** container image registry for test deployments */
+  registry?: InputMaybe<Scalars['String']['input']>;
+  /** annotations to apply to test deployments, useful if you need to opt out of policy enforcement */
+  resourceAnnotations?: InputMaybe<Scalars['Json']['input']>;
+  /** labels to apply to test deployments, useful if you need to opt out of policy enforcement */
+  resourceLabels?: InputMaybe<Scalars['Json']['input']>;
+};
+
+export type SentinelCheckIntegrationTestDefaultConfiguration = {
+  __typename?: 'SentinelCheckIntegrationTestDefaultConfiguration';
+  /** whether to ignore default namespace/deployment labels and annotations */
+  ignore?: Maybe<Scalars['Boolean']['output']>;
+  /** annotations to apply to created namespaces */
+  namespaceAnnotations?: Maybe<Scalars['Map']['output']>;
+  /** labels to apply to created namespaces */
+  namespaceLabels?: Maybe<Scalars['Map']['output']>;
+  /** container image registry for test deployments */
+  registry?: Maybe<Scalars['String']['output']>;
+  /** annotations to apply to test deployments */
+  resourceAnnotations?: Maybe<Scalars['Map']['output']>;
+  /** labels to apply to test deployments */
+  resourceLabels?: Maybe<Scalars['Map']['output']>;
+};
+
 export type SentinelCheckKubernetesConfiguration = {
   __typename?: 'SentinelCheckKubernetesConfiguration';
   /** the api group to use when fetching this resource */

charts/console/templates/git-server.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.gitServer.enabled }}
+{{- if or .Values.gitServer.enabled .Values.console.config.airgap }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

charts/console/templates/secrets.yaml

@@ -80,6 +80,12 @@ data:
 {{ if .Values.console.config.agentHelmValues }}
   CONSOLE_AGENT_HELM_VALUES: {{ .Values.console.config.agentHelmValues | toYaml | b64enc | quote }}
 {{ end }}
+{{ if .Values.console.config.licenseKey }}
+  CONSOLE_LICENSE_KEY: {{ .Values.console.config.licenseKey | b64enc | quote }}
+{{ end }}
+{{ if .Values.console.config.adminEmails }}
+  CONSOLE_ADMIN_EMAILS: {{ .Values.console.config.adminEmails | join "," | b64enc | quote }}
+{{ end }}
 {{ if .Values.cloud.pgRootCert }}
 ---
 apiVersion: v1

charts/console/values.yaml

@@ -75,6 +75,12 @@ console:
 
     # agentHelmValues is used to configure the helm values for the agent on bootstrap. To configure them post-install, utilize the DeploymentSettings CR in our management cluster API.
     agentHelmValues: ~
+
+    # licenseKey is used to configure the license key for the Plural Console for airgapped installations.
+    licenseKey: ~
+
+    # adminEmails is a list of emails which will be auto-configured as admins in the console.
+    adminEmails: []
 
   # customOidc is used to configure custom oidc authentication for the console.
   customOidc:

charts/controller/crds/deployments.plural.sh_sentinels.yaml

@@ -188,6 +188,52 @@ spec:
                                 - type
                                 type: object
                               type: array
+                            default:
+                              description: Default configures default test cases and
+                                global behavior (e.g. namespace labels and annotations
+                                for created resources).
+                              properties:
+                                ignore:
+                                  description: Ignore disables default integration
+                                    test cases, useful if you'd prefer to just use
+                                    custom test cases exclusively.
+                                  type: boolean
+                                namespaceAnnotations:
+                                  additionalProperties:
+                                    type: string
+                                  description: NamespaceAnnotations annotations to
+                                    apply to created namespaces (test cases run in
+                                    temporary namespaces to ensure cleanup is seamless).
+                                  type: object
+                                namespaceLabels:
+                                  additionalProperties:
+                                    type: string
+                                  description: NamespaceLabels labels to apply to
+                                    created namespaces (test cases run in temporary
+                                    namespaces to ensure cleanup is seamless).
+                                  type: object
+                                registry:
+                                  description: Registry container image registry for
+                                    test deployments.  Image names an tags will still
+                                    be preserved
+                                  type: string
+                                resourceAnnotations:
+                                  additionalProperties:
+                                    type: string
+                                  description: ResourceAnnotations annotations to
+                                    apply to test resources within a namespace (this
+                                    is useful if you need to sidestep policy enforcement
+                                    for test resources).
+                                  type: object
+                                resourceLabels:
+                                  additionalProperties:
+                                    type: string
+                                  description: ResourceLabels labels to apply to test
+                                    resources within a namespace (this is useful if
+                                    you need to sidestep policy enforcement for test
+                                    resources).
+                                  type: object
+                              type: object
                             distro:
                               description: the distro to run the check on
                               enum:
@@ -243,7 +289,10 @@ spec:
                                   type: string
                               type: object
                             jobSpec:
-                              description: the job to run for this check
+                              description: The job to run for this check. We expect
+                                there to at least be one container named `default`
+                                that includes the sentinel go test code.  It's also
+                                recommended to not allow retries on the job.
                               properties:
                                 annotations:
                                   additionalProperties:

config/prod.exs

@@ -2,6 +2,10 @@ import Config
 
 config :console, :initialize, true
 
+config :hackney,
+  max_connections: 150,
+  max_per_host: 20
+
 config :console, ConsoleWeb.Endpoint,
   adapter: Bandit.PhoenixAdapter,
   http: [

go/controller/api/v1alpha1/sentinel_types.go

@@ -71,7 +71,8 @@ type SentinelCheckIntegrationTestConfiguration struct {
 	//+kubebuilder:validation:Enum=PLAINTEXT;JUNIT
 	Format console.SentinelRunJobFormat `json:"format"`
 
-	// the job to run for this check
+	// The job to run for this check. We expect there to at least be one container named `default` that includes the sentinel go test code.  It's also recommended to not allow retries on the job.
+	// +kubebuilder:validation:Optional
 	Job *JobSpec `json:"jobSpec,omitempty"`
 
 	// the configuration for the gotestsum test runner for this check
@@ -80,21 +81,57 @@ type SentinelCheckIntegrationTestConfiguration struct {
 
 	// the distro to run the check on
 	//+kubebuilder:validation:Enum=GENERIC;EKS;AKS;GKE;RKE;K3S;OPENSHIFT
+	//+kubebuilder:validation:Optional
 	Distro *console.ClusterDistro `json:"distro,omitempty"`
 
 	// the cluster tags to select where to run this job
+	// +kubebuilder:validation:Optional
 	Tags map[string]string `json:"tags,omitempty"`
 
 	// RepositoryRef references a Git repository to use for this integration test.
 	// +kubebuilder:validation:Optional
 	RepositoryRef *corev1.ObjectReference `json:"repositoryRef,omitempty"`
 
 	// The git location to use for this integration test.
+	// +kubebuilder:validation:Optional
 	Git *GitRef `json:"git,omitempty"`
 
+	// Default configures default test cases and global behavior (e.g. namespace labels and annotations for created resources).
+	// +kubebuilder:validation:Optional
+	Default *SentinelCheckIntegrationTestDefault `json:"default,omitempty"`
+
+	// A list of custom test cases to run for this check.  These can provide yaml-configurable targeted cases of things like coredns, load balancers, pvcs, etc.
+	// +kubebuilder:validation:Optional
 	Cases []SentinelCheckIntegrationTestCase `json:"cases,omitempty"`
 }
 
+// SentinelCheckIntegrationTestDefault configures default integration test behavior: built-in test cases and labels/annotations applied to created namespaces and deployments.
+type SentinelCheckIntegrationTestDefault struct {
+	// Ignore disables default integration test cases, useful if you'd prefer to just use custom test cases exclusively.
+	// +kubebuilder:validation:Optional
+	Ignore *bool `json:"ignore,omitempty"`
+
+	// NamespaceLabels labels to apply to created namespaces (test cases run in temporary namespaces to ensure cleanup is seamless).
+	// +kubebuilder:validation:Optional
+	NamespaceLabels map[string]string `json:"namespaceLabels,omitempty"`
+
+	// NamespaceAnnotations annotations to apply to created namespaces (test cases run in temporary namespaces to ensure cleanup is seamless).
+	// +kubebuilder:validation:Optional
+	NamespaceAnnotations map[string]string `json:"namespaceAnnotations,omitempty"`
+
+	// Registry container image registry for test deployments.  Image names an tags will still be preserved
+	// +kubebuilder:validation:Optional
+	Registry *string `json:"registry,omitempty"`
+
+	// ResourceAnnotations annotations to apply to test resources within a namespace (this is useful if you need to sidestep policy enforcement for test resources).
+	// +kubebuilder:validation:Optional
+	ResourceAnnotations map[string]string `json:"resourceAnnotations,omitempty"`
+
+	// ResourceLabels labels to apply to test resources within a namespace (this is useful if you need to sidestep policy enforcement for test resources).
+	// +kubebuilder:validation:Optional
+	ResourceLabels map[string]string `json:"resourceLabels,omitempty"`
+}
+
 type SentinelCheckIntegrationTestCase struct {
 	// Type the type of test case to run
 	//+kubebuilder:validation:Enum=COREDNS;LOADBALANCER;RAW;PVC